GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-11-01 20:15:36
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 Hitachi_HTS542516K9SA00 rev.BBCOC31P 149,05GB
Running: 7v4z3esk.exe; Driver: C:\Users\Tomek\AppData\Local\Temp\kwddykog.sys


---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 140D  82C8AA35 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2  82CC4392 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 2.1 ----

.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[1660] ntdll.dll!NtCreateFile + 6  7720560E 4 Bytes  [28, 04, E6, 00]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[1660] ntdll.dll!NtCreateFile + B  77205613 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[1660] ntdll.dll!NtMapViewOfSection + 6  77205C6E 4 Bytes  [28, 07, E6, 00] {SUB [EDI], AL; OUT 0x0, AL}
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[1660] ntdll.dll!NtMapViewOfSection + B  77205C73 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[1660] ntdll.dll!NtOpenFile + 6  77205D1E 4 Bytes  [68, 04, E6, 00]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[1660] ntdll.dll!NtOpenFile + B  77205D23 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[1660] ntdll.dll!NtOpenProcess + 6  77205DCE 4 Bytes  [A8, 05, E6, 00] {TEST AL, 0x5; OUT 0x0, AL}
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[1660] ntdll.dll!NtOpenProcess + B  77205DD3 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[1660] ntdll.dll!NtOpenProcessToken + 6  77205DDE 4 Bytes  CALL 762143E8 C:\Windows\system32\kernel32.dll
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[1660] ntdll.dll!NtOpenProcessToken + B  77205DE3 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[1660] ntdll.dll!NtOpenProcessTokenEx + 6  77205DEE 4 Bytes  [A8, 06, E6, 00] {TEST AL, 0x6; OUT 0x0, AL}
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[1660] ntdll.dll!NtOpenProcessTokenEx + B  77205DF3 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[1660] ntdll.dll!NtOpenThread + 6  77205E4E 4 Bytes  [68, 05, E6, 00]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[1660] ntdll.dll!NtOpenThread + B  77205E53 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[1660] ntdll.dll!NtOpenThreadToken + 6  77205E5E 4 Bytes  [68, 06, E6, 00]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[1660] ntdll.dll!NtOpenThreadToken + B  77205E63 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[1660] ntdll.dll!NtOpenThreadTokenEx + 6  77205E6E 4 Bytes  CALL 76214479 C:\Windows\system32\kernel32.dll
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[1660] ntdll.dll!NtOpenThreadTokenEx + B  77205E73 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[1660] ntdll.dll!NtQueryAttributesFile + 6  77205F7E 4 Bytes  [A8, 04, E6, 00] {TEST AL, 0x4; OUT 0x0, AL}
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[1660] ntdll.dll!NtQueryAttributesFile + B  77205F83 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[1660] ntdll.dll!NtQueryFullAttributesFile + 6  7720602E 4 Bytes  CALL 76214637 C:\Windows\system32\kernel32.dll
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[1660] ntdll.dll!NtQueryFullAttributesFile + B  77206033 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[1660] ntdll.dll!NtSetInformationFile + 6  7720667E 4 Bytes  [28, 05, E6, 00]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[1660] ntdll.dll!NtSetInformationFile + B  77206683 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[1660] ntdll.dll!NtSetInformationThread + 6  772066DE 4 Bytes  [28, 06, E6, 00] {SUB [ESI], AL; OUT 0x0, AL}
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[1660] ntdll.dll!NtSetInformationThread + B  772066E3 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[1660] ntdll.dll!NtUnmapViewOfSection + 6  772069FE 4 Bytes  [68, 07, E6, 00]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[1660] ntdll.dll!NtUnmapViewOfSection + B  77206A03 1 Byte  [E2]
.text  C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1952] kernel32.dll!SetUnhandledExceptionFilter  761DF5AB 4 Bytes  [C2, 04, 00, 00]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtCreateFile + 6  7720560E 4 Bytes  [28, 50, 6F, 00]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtCreateFile + B  77205613 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtMapViewOfSection + 6  77205C6E 4 Bytes  [28, 53, 6F, 00]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtMapViewOfSection + B  77205C73 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenFile + 6  77205D1E 4 Bytes  [68, 50, 6F, 00]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenFile + B  77205D23 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenProcess + 6  77205DCE 4 Bytes  [A8, 51, 6F, 00]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenProcess + B  77205DD3 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenProcessToken + 6  77205DDE 4 Bytes  CALL 7620CD34 C:\Windows\system32\kernel32.dll
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenProcessToken + B  77205DE3 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenProcessTokenEx + 6  77205DEE 4 Bytes  [A8, 52, 6F, 00]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenProcessTokenEx + B  77205DF3 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenThread + 6  77205E4E 4 Bytes  [68, 51, 6F, 00]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenThread + B  77205E53 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenThreadToken + 6  77205E5E 4 Bytes  [68, 52, 6F, 00]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenThreadToken + B  77205E63 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenThreadTokenEx + 6  77205E6E 4 Bytes  CALL 7620CDC5 C:\Windows\system32\kernel32.dll
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtOpenThreadTokenEx + B  77205E73 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtQueryAttributesFile + 6  77205F7E 4 Bytes  [A8, 50, 6F, 00]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtQueryAttributesFile + B  77205F83 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtQueryFullAttributesFile + 6  7720602E 4 Bytes  CALL 7620CF83 C:\Windows\system32\kernel32.dll
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtQueryFullAttributesFile + B  77206033 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtSetInformationFile + 6  7720667E 4 Bytes  [28, 51, 6F, 00]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtSetInformationFile + B  77206683 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtSetInformationThread + 6  772066DE 4 Bytes  [28, 52, 6F, 00]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtSetInformationThread + B  772066E3 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtUnmapViewOfSection + 6  772069FE 4 Bytes  [68, 53, 6F, 00]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[2192] ntdll.dll!NtUnmapViewOfSection + B  77206A03 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtCreateFile + 6  7720560E 4 Bytes  [28, 68, 45, 00]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtCreateFile + B  77205613 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtMapViewOfSection + 6  77205C6E 4 Bytes  [28, 6B, 45, 00]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtMapViewOfSection + B  77205C73 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtOpenFile + 6  77205D1E 4 Bytes  [68, 68, 45, 00]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtOpenFile + B  77205D23 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtOpenProcess + 6  77205DCE 4 Bytes  [A8, 69, 45, 00]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtOpenProcess + B  77205DD3 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtOpenProcessToken + 6  77205DDE 4 Bytes  CALL 7620A34C C:\Windows\system32\kernel32.dll
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtOpenProcessToken + B  77205DE3 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtOpenProcessTokenEx + 6  77205DEE 4 Bytes  [A8, 6A, 45, 00]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtOpenProcessTokenEx + B  77205DF3 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtOpenThread + 6  77205E4E 4 Bytes  [68, 69, 45, 00]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtOpenThread + B  77205E53 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtOpenThreadToken + 6  77205E5E 4 Bytes  [68, 6A, 45, 00]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtOpenThreadToken + B  77205E63 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtOpenThreadTokenEx + 6  77205E6E 4 Bytes  CALL 7620A3DD C:\Windows\system32\kernel32.dll
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtOpenThreadTokenEx + B  77205E73 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtQueryAttributesFile + 6  77205F7E 4 Bytes  [A8, 68, 45, 00]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtQueryAttributesFile + B  77205F83 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtQueryFullAttributesFile + 6  7720602E 4 Bytes  CALL 7620A59B C:\Windows\system32\kernel32.dll
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtQueryFullAttributesFile + B  77206033 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtSetInformationFile + 6  7720667E 4 Bytes  [28, 69, 45, 00]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtSetInformationFile + B  77206683 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtSetInformationThread + 6  772066DE 4 Bytes  [28, 6A, 45, 00]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtSetInformationThread + B  772066E3 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtUnmapViewOfSection + 6  772069FE 4 Bytes  [68, 6B, 45, 00]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[3584] ntdll.dll!NtUnmapViewOfSection + B  77206A03 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtMapViewOfSection + 6  77205C6E 4 Bytes  [18, 20, 03, 6F]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[3936] ntdll.dll!NtMapViewOfSection + B  77205C73 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtCreateFile + 6  7720560E 4 Bytes  [28, AC, 4C, 00]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtCreateFile + B  77205613 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtMapViewOfSection + 6  77205C6E 4 Bytes  [28, AF, 4C, 00]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtMapViewOfSection + B  77205C73 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenFile + 6  77205D1E 4 Bytes  [68, AC, 4C, 00]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenFile + B  77205D23 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenProcess + 6  77205DCE 4 Bytes  [A8, AD, 4C, 00]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenProcess + B  77205DD3 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenProcessToken + 6  77205DDE 4 Bytes  CALL 7620AA90 C:\Windows\system32\kernel32.dll
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenProcessToken + B  77205DE3 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenProcessTokenEx + 6  77205DEE 4 Bytes  [A8, AE, 4C, 00]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenProcessTokenEx + B  77205DF3 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenThread + 6  77205E4E 4 Bytes  [68, AD, 4C, 00]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenThread + B  77205E53 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenThreadToken + 6  77205E5E 4 Bytes  [68, AE, 4C, 00]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenThreadToken + B  77205E63 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenThreadTokenEx + 6  77205E6E 4 Bytes  CALL 7620AB21 C:\Windows\system32\kernel32.dll
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenThreadTokenEx + B  77205E73 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtQueryAttributesFile + 6  77205F7E 4 Bytes  [A8, AC, 4C, 00]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtQueryAttributesFile + B  77205F83 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtQueryFullAttributesFile + 6  7720602E 4 Bytes  CALL 7620ACDF C:\Windows\system32\kernel32.dll
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtQueryFullAttributesFile + B  77206033 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtSetInformationFile + 6  7720667E 4 Bytes  [28, AD, 4C, 00]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtSetInformationFile + B  77206683 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtSetInformationThread + 6  772066DE 4 Bytes  [28, AE, 4C, 00]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtSetInformationThread + B  772066E3 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtUnmapViewOfSection + 6  772069FE 4 Bytes  [68, AF, 4C, 00]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtUnmapViewOfSection + B  77206A03 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4088] ntdll.dll!NtCreateFile + 6  7720560E 4 Bytes  [28, E0, 59, 00]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4088] ntdll.dll!NtCreateFile + B  77205613 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4088] ntdll.dll!NtMapViewOfSection + 6  77205C6E 4 Bytes  [28, E3, 59, 00]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4088] ntdll.dll!NtMapViewOfSection + B  77205C73 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4088] ntdll.dll!NtOpenFile + 6  77205D1E 4 Bytes  [68, E0, 59, 00]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4088] ntdll.dll!NtOpenFile + B  77205D23 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4088] ntdll.dll!NtOpenProcess + 6  77205DCE 4 Bytes  [A8, E1, 59, 00]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4088] ntdll.dll!NtOpenProcess + B  77205DD3 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4088] ntdll.dll!NtOpenProcessToken + 6  77205DDE 4 Bytes  CALL 7620B7C4 C:\Windows\system32\kernel32.dll
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4088] ntdll.dll!NtOpenProcessToken + B  77205DE3 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4088] ntdll.dll!NtOpenProcessTokenEx + 6  77205DEE 4 Bytes  [A8, E2, 59, 00]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4088] ntdll.dll!NtOpenProcessTokenEx + B  77205DF3 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4088] ntdll.dll!NtOpenThread + 6  77205E4E 4 Bytes  [68, E1, 59, 00]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4088] ntdll.dll!NtOpenThread + B  77205E53 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4088] ntdll.dll!NtOpenThreadToken + 6  77205E5E 4 Bytes  [68, E2, 59, 00]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4088] ntdll.dll!NtOpenThreadToken + B  77205E63 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4088] ntdll.dll!NtOpenThreadTokenEx + 6  77205E6E 4 Bytes  CALL 7620B855 C:\Windows\system32\kernel32.dll
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4088] ntdll.dll!NtOpenThreadTokenEx + B  77205E73 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4088] ntdll.dll!NtQueryAttributesFile + 6  77205F7E 4 Bytes  [A8, E0, 59, 00]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4088] ntdll.dll!NtQueryAttributesFile + B  77205F83 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4088] ntdll.dll!NtQueryFullAttributesFile + 6  7720602E 4 Bytes  CALL 7620BA13 C:\Windows\system32\kernel32.dll
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4088] ntdll.dll!NtQueryFullAttributesFile + B  77206033 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4088] ntdll.dll!NtSetInformationFile + 6  7720667E 4 Bytes  [28, E1, 59, 00]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4088] ntdll.dll!NtSetInformationFile + B  77206683 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4088] ntdll.dll!NtSetInformationThread + 6  772066DE 4 Bytes  [28, E2, 59, 00]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4088] ntdll.dll!NtSetInformationThread + B  772066E3 1 Byte  [E2]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4088] ntdll.dll!NtUnmapViewOfSection + 6  772069FE 4 Bytes  [68, E3, 59, 00]
.text  C:\Users\Tomek\AppData\Local\Google\Chrome\Application\chrome.exe[4088] ntdll.dll!NtUnmapViewOfSection + B  77206A03 1 Byte  [E2]

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs  eamon.sys

---- Registry - GMER 2.1 ----

Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active
Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@721F97F7  479
Reg  HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{2CCA2A4E-072B-11E1-9691-806E6F6E6963}  4151605920

---- EOF - GMER 2.1 ----